Showing results for 
Search instead for 
Did you mean: 

Guarantee A Clean Image From Ransomware—Veritas IRE Secure as Default Architecture

Level 1

NetBackup Malware Detection provides more control in the detection and recovery portions of the Isolated Recovery Environment - IRE workflow. On-demand malware scans and anomaly detection triggered from high anomaly scores ensure confidence in the data integrity of the backup image on the production NetBackup Domain. Adding NetBackup malware scanning engine on the IRE side ensures a clean image to your AirGap Flex Appliance WORM storage to resist the growing cyber-terror threats. During the Ransomware attack, you can scan the image from the WORM storage before restoring it. Secure as default architecture guarantee a clean image and recovery from Ransomware attack. 

The NetBackup 10 release includes integration with leading malware scanners such as Microsoft Defender and Symantec Protection Engine. Storing the scan’s status in the NetBackup catalog empowers you to restore confidently with visibility into the malware scan status.  Once an impacted image is detected, you can view the impacted files list, expire all copies, or leave the image in place where the scanning status tag will alert when the backup image is selected in a recovery workflow in the future. The last-known-good image will be clearly visible in the recovery workflow, and selecting an impacted image will present several warnings to the user.


Malware scanners can be deployed on one or more hosts, depending upon concurrent scanning requirements. These scan hosts are grouped together into a scan pool that is capable of inspecting unstructured data of either MS-Windows or Standard data types.

Malware scanning can be initiated using the WebUI or launched automatically when a high anomaly score is generated from Anomaly Detection activity. You can also create custom data protection workflows using our powerful APIs. Scan pools should be configured with a common malware application along with the desired protocol, and you should not mix engines or protocols when adding additional scan hosts.

Malware Detection leverages Universal Shares, so you don’t need to configure a specific share for scanning. NetBackup Flex appliances have all the pre-requisites for Malware Detection and support SMB and NFS shares.

The MSDP host exposes the image to the scan host as a read-only share, so there is no additional risk to read a potentially infected image. As an image passes through its Storage Lifecycle Policy (SLP), you can scan images once they reside on MSDP without interrupting the secondary SLP operations.


Suppose a file selected for restore is marked as impacted. In that case, the clean restore will restore that file from an uninfected backup, allowing a safe and effective way to recover from that point-in-time without re-infecting the target machine. The command-line interface (CLI) option for this newly added feature is bpcleanrestore. This command’s options will be familiar since it parallels the often used bprestore command.

The combination of NetBackup’s anomaly detection and malware scanning with Flex Appliances’ multiple layers of security in an air-gapped configuration provides the easiest and most secure way to protect your important backup data. Recover your applications quickly with Universal Share and have confidence that you are recovering from a known clean copy with the clean restore option. Read the solution overview of Veritas Isolated Recovery Environment for more information.